Windows 10: Secure enough for government?

By GCN Staff

Jan 23, 2015

The headline-grabbing news from Microsoft’s Window’s 10 announcement was the free operating system upgrade for some consumer users of Windows and Windows Phone. Unfortunately, that doesn’t apply to enterprise users, or at least not yet. Still the new operating system includes several security features that should interest government IT managers.

Though not much covered at the Microsoft Windows 10 announcement, the operating system has a number of new security features, first discussed in October blog by Microsoft’s Jim Alkove.

That includes built-in multifactor authentication, with the Windows 10 device being one factor and the second a PIN or biometric, such as fingerprint. The authentication scheme is based on the open standards from the FIDO Alliance and will remove the need for security peripherals such as smartcards and tokens, according to a report in SearchSecurity.

Windows 10 also aims to protect user tokens with an architectural solution that stores them within a secure container running on top of Hyper-V technology. This solution prevents the tokens from being extracted from devices even in cases where the Windows kernel itself has been compromised, Alkove said.

Windows 10’s data loss prevention (DLP) solution separates corporate and personal data and helps protect it using containment. The capability is built into the platform and integrated within the existing user experience, which means IT managers can help keep data safe without users having to change their behavior.

The OS enables automatic encryption of corporate apps, data, email, website content and other sensitive information as it arrives on the device from corporate network locations.

For mobile computing, Windows 10 lets IT managers specify which apps are and aren't allowed to access the organization's VPN. Access can also be restricted based on ports and IP addresses. The OS also lets organizations lock down devices, for additional threat and malware resistance. Additionally, administrators can configure devices so only trustworthy apps can be installed on them, including those self-signed by the enterprise from approved software vendors or apps from the Windows Store.

OS as a service

Company officials are now describing Windows 10 “as a service," and suggesting that Windows 10 will be "one of the largest Internet services on the planet." As such, concerns with versions will become less important for end users and Microsoft is suggesting that a service-enabled Windows 10 will ease matters for software developers. Developers of so-called "universal apps," based on Windows 10, will be able to build a single app that works across various Windows devices, such as PCs, tablets, smartphones and Xbox game consoles.

The company's next flagship productivity suite will be called "Office 2016," according to a report on Redmondmag. It's planned for release sometime in the second half of this year. Office 2016 is the traditional installed suite of applications consisting of Excel, PowerPoint and Word, which is designed for use with a keyboard and mouse. In addition, Microsoft announced a forthcoming "Office for Windows 10" release that will consist of "touch-optimized versions of Word, Excel, PowerPoint, OneNote and Outlook."

There will be new and enhanced features in Office for Windows 10 apps, according to Microsoft. A new "Insights for Office" feature in Word will deliver online resources, which are described as "images, web references and definitions," when a user is viewing a document in Word's Read mode.

Microsoft also has enabled the selection of multiple cells in Excel via touch. PowerPoint will have "ink tools" for annotating slides "in real time" during presentations. A demo of these new features, and others, such as copy formatting using a pen tool, can be found in this Microsoft Office Mechanics video.

Microsoft is also building Windows 10 for smartphone devices, which will replace Microsoft's Windows Phone OS. While a public preview of Windows 10 for smartphones hasn't been available to date, Microsoft plans to release its first technical preview of the OS for those devices sometime next month.

Windows 10 PCs and tablets will get the Cortana personal assistant app, which can respond to voice and typed commands (it previously was just an app for smartphones).

Windows 10 also will include a new "Project Spartan" web browser integrated with Cortana. The browser features a reading view that makes web page views more consistent and will allow users to annotate those web page reads with a pen tool. Microsoft demonstrated that annotation capability during the event.

Other apps to be included in Windows 10 include Mail and Calendar, Maps, Music, People and Messaging, and Photos. All of the apps included with Windows 10 can be synchronized through Microsoft's cloud-based OneDrive storage service.

On 2-in-1 devices, Windows 10 will move easily between keyboard/mouse and touch/tablet as it detects the transition and conveniently switches to the new mode.

Windows 10 is currently available at the preview stage, but Microsoft plans to issue another technical preview build next week, with plans to make it available in 25 more languages.

inside gcn

Reader Comments

Mon, Jan 26, 2015

Any system that allows client side installs and executables has a larger attack surface is more vulnerable.

Sat, Jan 24, 2015

Linux

Fri, Jan 23, 2015
Kacey Freeman
USA

It's a shame that governments would still run Windows software. Microsoft would rather charge for things like detoxyourpc.com and the upcoming Office 2016. It would make too much sense to apologize and give away things people actually want... I certainly do not want their free "upgrade."

Please post your comments here. Comments are moderated, so they may not appear immediately
after submitting. We will not post comments that we consider abusive or off-topic.